1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

TOR - Is it really anonymous

Discussion in 'Proxies' started by Cookie-Monster, Feb 16, 2011.

  1. Cookie-Monster

    Cookie-Monster Registered Member

    Joined:
    Sep 29, 2010
    Messages:
    55
    Likes Received:
    6
    I've been reading TORs documentation extensively and I feel it is very anonymous. I understand the exit node can be sniffed, since traffic is unencrypted at this node (a buddy of mine harvested emails in this manner), I don't care if the exit node is sniffed, as I am not dealing with my personal sensitive data anyway. My only goal in anonymity is to have my traffic not be traced back to the source. I just feel very unsafe hiding behind one proxy, even with a VPN. I like how tor routes accross several nodes AND encrypts the traffic at each. I'de like your opinions on TOR for this functionality.

    Is TOR a honeypot as some have said?
     
  2. Autumn

    Autumn Elite Member

    Joined:
    Nov 18, 2010
    Messages:
    2,197
    Likes Received:
    3,041
    Occupation:
    I figure out ways to make money online and then au
    Location:
    Spamville
    Tor itself is probably not a honey pot although there are those who say that the CIA has a back door since it was initially sponsored by the Navy. However since anyone can set up a server, anyone could be harvesting your traffic.

    I use tor for a lot of stuff and it's a good solution for your garden variety spamming that no one cares about in any real legal sense, since link spamming is probably not illegal anyway. However since anyone can get a list of tor exit nodes, it's blocked at a lot of places eg. google blocks 90%+ of tor exit nodes. It's also very slow.

    It's also very difficult to set up multithreaded apps to work with tor. For example, if I'm running a link spamming script using curl/php and 500 threads, I can assign each thread its own HTTP / SOCKS proxy quite easily and they'll all run in parallel. If you want to do something similar with tor, you have to set up multiple side by side installations of tor running on their own ports, which is much more difficult and much more of a server load.

    There are pros and cons to both methods. If you want high volume, you pretty much have to look beyond tor. As long as you're not doing anything illegal, sending any really valuable information and you test and re-test your proxies to make sure they're not leaking info, proxies aren't that bad.
     
    • Thanks Thanks x 2
  3. Kid Shaleen

    Kid Shaleen Regular Member

    Joined:
    Oct 29, 2009
    Messages:
    250
    Likes Received:
    63
    I'd say TOR is reasonably safe for your needs (unless you're planning on selling kiddie porn, munitions, or illegal drugs in which case I never tried to answer your question.)

    There is the speed problem that Autumn wrote about. One workaround is to check the status of different nodes (enter "tor network status" for Google and get a list of the latest sites providing that information.) You can then sort the nodes by speed and set your TOR init file to use the fastest ones.
     
  4. gscan

    gscan Newbie

    Joined:
    Dec 1, 2010
    Messages:
    45
    Likes Received:
    8
    If obscuring the source of your traffic is the need, then Tor should be fine, though there are rumours (probably trolls) that there are Tor 0days, but I wouldn't put the idea behind me either. If you want, audit the source code yourself if you need that confirmation.

    I know for a fact there is really shady stuff being passed through Tor, such as CP, and I also know for a fact there are feds that also browse the network in order to catch the low-hanging fruit that are more elementary in terms of technical knowledge - for instance those who have JS enabled on their browser. Feds set up an LEA trap for the sickos who don't know shit about networking, and bam! they have their home IP. So from this you can learn it's also a matter of taking responsibility on your part as well in order to keep your anonymity safe.
     
  5. stumpyb

    stumpyb Newbie

    Joined:
    Dec 9, 2008
    Messages:
    14
    Likes Received:
    1
    tor itself isn't a honeypot but there are "honeypot clients" who connect to share their IP. it is "anonymous" but it is noy encrypted. be aware.
     
  6. toephank

    toephank Newbie

    Joined:
    Aug 11, 2010
    Messages:
    20
    Likes Received:
    1
    I don't think TOR is save from big G. I have a friend using TOR for "playing tricks" on adsense, and now he's been banned for good.
     
  7. sirgold

    sirgold Supreme Member

    Joined:
    Jun 25, 2010
    Messages:
    1,260
    Likes Received:
    645
    Occupation:
    Busy proving the Pareto principle right
    Location:
    A hot one
    Well, sorry to say that using tor to try gaming adsense is quite retarded, to be honest... :rolleyes: As someone said above the vast majority of the traffic out of tor nodes trying to simply access the google search page requires image verification... Not saying that adsense can't be fooled because IT CAN, contrary to popular belief, but it requires something a tad bit smarter than that.... :p
     
    Last edited: Feb 27, 2011
  8. playerb

    playerb Junior Member

    Joined:
    Aug 25, 2010
    Messages:
    116
    Likes Received:
    54
    you could use tor to connect to an ssh server with dynamic port fowarding enabled, and use that ssh tunnel/proxy to prevent an 'evil' exit node from sniffing anything.

    then again, whoevers network the ssh server is on could still sniff your traffic. lol

    edit: to answer your question yes I think tor is anonymous, so long as you dont' do anything stupid (like have flash enabled)
     
    Last edited: Feb 28, 2011
  9. justone

    justone Elite Member

    Joined:
    Oct 12, 2008
    Messages:
    1,516
    Likes Received:
    1,037
    Occupation:
    -
    Location:
    Europe
    That would actually destroy the whole anonymity chain, or where do you plan to get the tunneling ssh server from ?

    Tor is very secure.
    There are ways to break the anonymity but none are really dangerous to you and it's not possible to do it at a later time. (only while you are active)
    It's more theory than reality.

    But as people said, it's possible to 'sniff' your data when you use Tor.
    But if you use SSL/HTTPS or other similar encryption methods you are pretty secure.
     
  10. dingdong

    dingdong Junior Member

    Joined:
    Dec 20, 2006
    Messages:
    128
    Likes Received:
    19
    TOR has handed people over to German police before so no, not exactly anonymous. Anyway, most proxy services will hand over your info if something criminal is suspected. So the answer to your question is depends. What are you using it for? If you're using it to watch horse-woman porn anonymously - no one will bother. Credit card fraud? Think again.
     
  11. justone

    justone Elite Member

    Joined:
    Oct 12, 2008
    Messages:
    1,516
    Likes Received:
    1,037
    Occupation:
    -
    Location:
    Europe
    dingdong: that's a bold statement and not true.
    citation needed, eh ?
     
  12. Autumn

    Autumn Elite Member

    Joined:
    Nov 18, 2010
    Messages:
    2,197
    Likes Received:
    3,041
    Occupation:
    I figure out ways to make money online and then au
    Location:
    Spamville
    The Tor foundation didn't give anything up, the German police seized the servers from one particular operator in the hunt for illegal porn. It's unclear what they managed to extract from them.

    http://www.google.com/search?q=tor+german+police
     
  13. justone

    justone Elite Member

    Joined:
    Oct 12, 2008
    Messages:
    1,516
    Likes Received:
    1,037
    Occupation:
    -
    Location:
    Europe
    Ah that's what he was refering to.
    I think some people should just stick to learning basics before training others ;)

    They can't learn anything from it, that's the whole thing about Tor.

    The only thing police (or an admin in our case hopefully) will see is the IP you used, the exit-node.
    Raiding that computer will only reveal the fact that it is an exit node.
    Even if they catch you "live" while you do something, they can only see what you do but not where you come from.

    Of course there are other ways to reveal your identity, mostly browser side insecurity.
    So getting caught in-the-act is never good when an expert is hunting you.
     
  14. AmGoth

    AmGoth Newbie

    Joined:
    Apr 23, 2012
    Messages:
    2
    Likes Received:
    0
    Sorry to dredge up such an old thread but I wanted to pick your brains about something. I understand that by allowing scripts to run I could be negating most of the security Tor provides, but in my case I am wanting to submit a document to Wikileaks and I want to do it with an online email service like Gmail or whatever, but I can't create a new acct unless I allow those scripts to run. Any advice on how I can send someone a file without them ever finding out it was me? Whistle blowers are not normally treated very well it seems and I don't want to lose my job...
     
  15. Autumn

    Autumn Elite Member

    Joined:
    Nov 18, 2010
    Messages:
    2,197
    Likes Received:
    3,041
    Occupation:
    I figure out ways to make money online and then au
    Location:
    Spamville
    Go and do it at an internet cafe without any security cameras, or find an open wifi hotspot you can use. If there are serious consequences then don't use your own connection, period.

    I would use a shittier email service than gmail because Google has tons of patents about identifying unique browsers and linking them to user accounts.
     
  16. AmGoth

    AmGoth Newbie

    Joined:
    Apr 23, 2012
    Messages:
    2
    Likes Received:
    0
    Thanks, unfortunately I cannot use any anon public wifi or internet cafe as there are none here... I am currently working in a country that has ULTRA tight internet access enforced. No public wifi without first registering your phone number and no phone number without proper ID and in-person application. I have occasinally found unsecured private wifi nets but I don;t want the police coming down on someone that is innocent.
     
  17. mazgalici

    mazgalici Supreme Member

    Joined:
    Jan 2, 2009
    Messages:
    1,489
    Likes Received:
    881
    Home Page:
    IF something is for free, your are the one which is sold
     
    • Thanks Thanks x 1
  18. turbojerry

    turbojerry Newbie

    Joined:
    Apr 16, 2012
    Messages:
    5
    Likes Received:
    0
    TOR is secure, I don't know of any instances where traffic has been traced and the code is open so no backdoors, it is slow though, occasionally one LEA somewhere will raid some servers and find nothing, I'd just go with a commercial anon proxy rather than TOR as it will be much faster.
     
  19. catonkeyboard

    catonkeyboard Regular Member

    Joined:
    Dec 7, 2011
    Messages:
    272
    Likes Received:
    166
    think it's secure
     
  20. HazardPT

    HazardPT Registered Member Premium Member

    Joined:
    Nov 24, 2008
    Messages:
    99
    Likes Received:
    26
    Occupation:
    Bizness
    Location:
    Москва
    TOR is only as secure as the server you connect to when going through... How you know its not a honeypot shit server set up by Interpols? :D